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opposition individuals who could have possibly been traveling with the ships of interest . 



Our Approach 



• Queried over 900 towers and other selectors in MAINWAY/SEDB in attempt 
to discover any identifiable selectors around the coordinates of interest. 

• Created another query based on identified selectors of interest to pull for 
any cell fan information in order to more precisely locate each selector of 
interest. 

• Queried in SEDB ship data on the ships of interest and plotted the track the 
ships took into 

• Identified selectors by cell fan information seen near the ports where the 
ships of interest had docked. Also correlated any selectors moving in 
relation to the ships' movements using cell fan data. 





Mission Example and Result: The HAPPYFOOT analytic aggregates leaked location-based service / location-aware application data 
to infer IP addre ss geo-locat ions. SDS ident ified ‘Public’ and ‘private’ usage of the same IP address that caused HAPPYFOOT to 
assign ^^^|netblocks to^^^^^|geo-locations (the IP address was used in both countries). This private network is now 
being realmed and properly geo-located. Ongoing work will solve this realming problem for networks affecting other cloud analytics. 








Our Approach 

•Tracked ^|target's converged communications and CNE accesses. 

• Monitored passive internet traffic; created automated processes where 
possible (XKS ANCHORMAN, Workflows, Fingerprints). 

• Provided TAO/GCHQ with WLLids/DSL accounts, Cookies, 
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GooqlePREFIDs to enable remote exploitation. 

• Partnered with NGAand R4 to confirm locations and USRP equipment 
based on collected photographs. 

• Drove CNE collection and partnered with TAO to increase USRP 
specific endpoint accesses. 

• Provided knowledge to interagency partners for potential on the ground 
survey options and FBI-led intelligence guiding efforts. 





(S//SI//REL TO USA, FVEY) Meta data /Target Discovery: Analyze DNR/DN I/Convergence 
metadata for target discovery, identify gaps in collection, processing, and analytic 
methodologies; improve metadata collection and processing; Create analytics that 
automate or improve analytic methodologies; Conduct target discovery through multiple 
technology thrusts, including endpoint, web-based technologies/services, mobile 
applications and networks, geo-location analysis, correlations/identity Analysis, Social 
Network Analysis; Collaboration/facilitation with TAO, S3, CIA, ODNI, SSO, CES, and SSG 
centers. 



Print Notes 



http://www.documentcloud.org/notes/print?docs[]=886160 



NSA signal-surveillance success stories 

4 Pages - Contributed by Matt DeLong, Washington Post - Dec 05, 2013 

Excerpts from an April 2013 National Security Agency presentation detailing signal surveillance techniques and successes. 



How the NSA uses toweT date to lind rww targets ip 1} 

Discovered position individuals who could have possibly been traveling with Ihe ships of interest . 

Our Approach 

• Queried over 900 lowers and other selectors in MAINWAY/SEDB in attempt 
to discover any identifiable selectors around the coordinates of interest. 

* Created another query based on identified selectors of interest to pull tor 
any cell fan information in order to more precisely locate each selector of 
interest. 

* Queried in SED6 ship data cm the ships of interest and plotted the track the 
ships took into 

• Identified selectors fay cell fan information seen near the ports where the 
ships of interest had docked. Also correlated any selectors moving in 
relation to the ships' movements using cell fan data. 
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Mliii&n Example and Result The KAPPYFQOT analytic aggnsgaiK Mnd locaton-based series i iwatofi-swane aapucauon data 
to in hr IF afrfrte s a geo- aocal ions. SOS itten Lfied 'Public' and "private' usaga of the IP address Thai caused HAPPYFQQT to 

1 th * |P 3dd r es-$, was usea in both msatrm) Tm pnvajfl network now 
being maim ad and property g&o-iocated On^ng worn w« sotye h $ naainung ptt&m tty network effect ng other ctou3 ana^cs, 
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Our Approach 




•Tracked Meet's converged communications and CNE accesses 


fpi 


■ Monitored passive internet traffic; created automated processes where 
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possible (XKS ANCHORMAN, Workflows, Fingerprints). 
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Google tracking cookie used to punpoinMargets ip. 3} 



* Provided TA0/GCHQ with WLLids/DSL accounts, Cookies, 
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GpoglePREFIOs. to enable remote exploitation. 



NSA [>arBneied with MG A fp. 3) 

• Partnered with NGA and R4 to confirm locations and USRP equipment 
based on collected photographs. 
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Print Notes 



http://www.documentcloud.org/notes/print?docs[]=886160 



Misti* tag? (p. 3) * ufove UYt collection ana paruierea wnn iau to increase uokp 
specific endpoint accesses 



DNRi'DNl metadata ip 4; 

(S//SI//REL TO USA, FVEY) Metad ata/ Target Discovery: Analyze DN R/DNl/tonvergence 
metadata for target discovery, identify gaps in collection, processing, and analytic 
methodologies; Improve metadata collection and processing; Create analytics that 
automate or improve analytic methodologies; Conduct target discovery through multiple 
technology thrusts, including endpoint, web-based technologies/services, mobile 
applications and networks, geo-location analysis, correlations/identity Analysis, Social 
Network Analysis; Collaboration/fad litatian with TAO, S3, CIA, QDNI, 550, CE5, and S5G 
centers* 
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